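<?php
/*
 * Admin page: shows the stored data of one product and, once the "Modify"
 * form is submitted, overwrites that product's columns with the posted values.
 *
 * Request flow as visible in this file:
 *   1. A POST carrying `mod` (the product number) renders the current row and the form.
 *   2. A POST carrying `submit` updates the product remembered in $_SESSION["product"].
 *
 * NOTE(review): the update form carries no anti-CSRF token, so any page the
 * admin visits while logged in can submit it. A per-session token checked
 * before the UPDATE should be added together with the other admin forms.
 */
include ('../functions.php');
session_start();
// $_SESSION["admin"] holds the expiry timestamp of the admin login; every
// authorised request pushes it 300 seconds into the future (sliding timeout).
if(isset($_SESSION["admin"]) AND time()<($_SESSION["admin"])){
$_SESSION["admin"] = time()+300;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>THE SHOP :: main</title><link rel="stylesheet" type="text/css" href="../style.css"/></head><body><div id="logo"><a href="../index.php"><img src="../img/logo.PNG" alt="THE SHOP"/></a></div>
<div id="main">

 <table width="100%" cellspacing="0" cellpadding="0">
    <tr><td id="mainpart"> <div id="menutable">
    <table width="95%" border="0">
      <tr>
        <td><p id="menu"><a href="../index.php">Main page</a> :: <a href="../products.php">Product list</a> :: <a href="../faq.php">FAQ</a> :: <a href="../info.php">About</a> :: <a href="../cart.php">Shopping cart</a></p></td>
        <td><form action="search.php" method="post" id="searchfield">
          <input name="search" type="text" value="search" size="20" maxlength="100" />
          <input name="search2" type="button" value="Search" />
        </form></td>
      </tr>
    </table>
  </div>
            <table id="layouttable">
            <tr><td><h3>ADMINISTRATION</h3></td></tr>
            <tr><td>
                    Modifying a product. <b>PLEASE NOTE:</b> You must fill out <u>all</u> fields!<br><br>
                        <table><tr><td colspan="2">
                         <?php
                         // NOTE(review): the database credentials below are hard-coded and use the
                         // MySQL root account. Load them from configuration kept outside the web
                         // root and connect with an account limited to the shop schema.

                         // Make mysqli report failures through return values on every PHP version,
                         // so a failed connect cannot surface as an uncaught exception page.
                         mysqli_report(MYSQLI_REPORT_OFF);

                         // Quoted key: a bare `submit` is an undefined constant.
                         if(!isset($_POST['submit'])){
                             // Remember the chosen product only on the request that selects it.
                             // The form below does not resend `mod`, so assigning it on every
                             // request would erase the selection before the UPDATE runs.
                             $productNo = (isset($_POST['mod']) && is_string($_POST['mod'])) ? $_POST['mod'] : '';
                             $_SESSION["product"] = $productNo;

                             $sqlconnect = mysqli_connect('localhost', 'root', 'kissakala', 'theshop');
                             // The product number is bound as a parameter, never interpolated into
                             // the SQL text. `=` replaces LIKE so `%`/`_` cannot widen the match.
                             $stmt = $sqlconnect
                                 ? mysqli_prepare($sqlconnect, "SELECT prodNo, prodPic, prodName, prodDesc, prodValue, prodAmount, prodShip, prodShortDesc FROM products WHERE prodNo = ?")
                                 : false;
                             if ($stmt) {
                                 mysqli_stmt_bind_param($stmt, 's', $productNo);
                                 mysqli_stmt_execute($stmt);
                                 mysqli_stmt_bind_result($stmt, $id, $pic, $name, $desc, $value, $amount, $ship, $descshort);
                                 while (mysqli_stmt_fetch($stmt)) {
                                     // Stored product text is HTML-escaped before it is echoed, so
                                     // markup saved in a product field is shown instead of executed.
                                     // assumes the page is served as UTF-8 — TODO confirm
                                     $e = array();
                                     foreach (array($id, $pic, $name, $desc, $value, $amount, $ship, $descshort) as $raw) {
                                         $e[] = htmlspecialchars((string) $raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                     }
                                     echo "<b>ID:</b>$e[0] <b>Pic:</b> $e[1] <b>Name:</b> $e[2] <b>Description:</b> $e[3] <b>Value:</b> $e[4] <b>Amount:</b> $e[5] <b>Shipping costs:</b> $e[6] <b>Short description:</b> $e[7]<br><br>";
                                 }
                                 mysqli_stmt_close($stmt);
                             } else {
                                 // Details go to the server log only, not to the browser.
                                 error_log('modify.php: product lookup failed: ' . ($sqlconnect ? mysqli_error($sqlconnect) : mysqli_connect_error()));
                                 echo "Could not load the product.<br><br>";
                             }
                             if ($sqlconnect) {
                                 mysqli_close($sqlconnect);
                             }
?>
                                </td></tr><tr><td>New information:</td></tr><tr><td>
                    <form action="modify.php" method="post">
                        Picture url: </td><td><input type="text" name="pic" size="20"></td></tr><tr><td>
                        Name: </td><td><input type="text" name="name" size="20"></td></tr><tr><td>
                        Description: </td><td><input type="text" name="desc" size="20"></td></tr><tr><td>
                        Value: </td><td><input type="text" name="value" size="20"></td></tr><tr><td>
                        Amount: </td><td><input type="text" name="amount" size="20"></td></tr><tr><td>
                        Shipping cost: </td><td><input type="text" name="ship" size="20"></td></tr><tr><td>
                        Short description: </td><td><input type="text" name="shortdesc" size="20"></td></tr><tr><td>
                    <input type="submit" name="submit" value="Modify">
                    </form></td></tr>
                    </td></tr></table> <?php }
                         else {
                             // Collect the seven form fields; the page requires all of them.
                             $values = array();
                             $complete = true;
                             foreach (array('pic', 'name', 'desc', 'value', 'amount', 'ship', 'shortdesc') as $field) {
                                 if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === '') {
                                     $complete = false;
                                     break;
                                 }
                                 $values[$field] = $_POST[$field];
                             }
                             $productNo = (isset($_SESSION["product"]) && is_string($_SESSION["product"])) ? $_SESSION["product"] : '';

                             if (!$complete || $productNo === '') {
                                 echo "Nothing was changed: select a product and fill out all fields.";
                             } else {
                                 $sqlconnect = mysqli_connect('localhost', 'root', 'kissakala', 'theshop');
                                 // Every value is bound as a parameter. The earlier string-built
                                 // statement was open to SQL injection and was not valid SQL
                                 // (doubled quotes, comma before WHERE), so it never updated a row.
                                 $stmt = $sqlconnect
                                     ? mysqli_prepare($sqlconnect, "UPDATE products SET prodPic = ?, prodName = ?, prodDesc = ?, prodValue = ?, prodAmount = ?, prodShip = ?, prodShortDesc = ? WHERE prodNo = ?")
                                     : false;
                                 $updated = false;
                                 if ($stmt) {
                                     mysqli_stmt_bind_param($stmt, 'ssssssss', $values['pic'], $values['name'], $values['desc'], $values['value'], $values['amount'], $values['ship'], $values['shortdesc'], $productNo);
                                     $updated = mysqli_stmt_execute($stmt);
                                     mysqli_stmt_close($stmt);
                                 }
                                 if (!$updated) {
                                     error_log('modify.php: product update failed: ' . ($sqlconnect ? mysqli_error($sqlconnect) : mysqli_connect_error()));
                                 }
                                 if ($sqlconnect) {
                                     mysqli_close($sqlconnect);
                                 }
                                 // Report success only when the statement actually ran.
                                 echo $updated ? "Database updated." : "Database update failed.";
                             }
                         } ?>
            <a href="options.php">Go back to options</a><br><br>
            </tr></td></table>
        </td>
      </tr>
</table>
        <?php putFooter(); ?>
</div>
    <?php }
else { ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>THE SHOP :: main</title><link rel="stylesheet" type="text/css" href="../style.css"/></head><body><div id="logo"><a href="../index.php"><img src="../img/logo.PNG" alt="THE SHOP"/></a></div>
<div id="main">
     <table width="100%" cellspacing="0" cellpadding="0">
    <tr><td id="mainpart"> <div id="menutable">
    <table width="95%" border="0">
      <tr>
        <td><p id="menu"><a href="../index.php">Main page</a> :: <a href="../products.php">Product list</a> :: <a href="../faq.php">FAQ</a> :: <a href="../info.php">About</a> :: <a href="../cart.php">Shopping cart</a></p></td>
        <td><form action="search.php" method="post" id="searchfield">
          <input name="search" type="text" value="search" size="20" maxlength="100" />
          <input name="search2" type="button" value="Search" />
        </form></td>
      </tr>
    </table>
  </div>
            <table id="layouttable">
            <tr><td><h3>ADMINISTRATION</h3></td></tr>
            <tr><td>SESSION TIMEOUT! PLEASE LOGIN AGAIN! <a href="index.php">To the index page</a></td></tr>
            </table>
            <?php putFooter(); ?>
            </div>
    <?php
}
?>

</body></html>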
